>> host: scott brown, his wife, $2 celebrating victory as the win confirmed tonight by the votes, our thanks to wbz showing the results tonight in the speeches. let's look at the returns with about 98, 99% of the vote now in. scott brown with 52% of the vote, martha coakley, 47%, that translates and a vote difference of about 150,000 between the two of them, scott brown with 1.1 million, compared to over 1 million from martha coakley. while we were watching the speech by scott brown some new developments. this from politico the story also posted in the "washington post" reporting senator jim webb put out a statement this evening singing the notion of a quick senate vote is out of reach and pretty much make specification fight mou to what he says, quote, in many ways the campaign in massachusetts became a referendum, not only on health care reform but also the openness and integrity of the government process.

senator webb, a democrat from virginia saying it is vital we restore the respect of the american people and system of government and in our leaders to that and i believe it would be only fair and prudent that we suspend further votes on health care legislation until senator brown is seated. in the statement from virginia senator jim webb that cannot while scott brown was declaring victory tonight. you heard from martha coakley earlier. we want to hear from you. our lines are open 202-737-0002, that's the one for democrats and four republicans, 202-737-0001. if you are in massachusetts voter the number to call is 202-628-0205. we will hear from in the first from madisonville kentucky as the republicans now have 41 seats in the u.s. senate meaning the democrats no longer have the 60 seat majority necessary to end any filibuster. what do you think? >> caller: i think it was a good win for mr. brown.

i am a somewhat of a democrat, but i think this shows a week as the people, i mean we are part of president obama and harry reid and nancy pelosi trying to do, they are trying to shove this health care down people's throat and they don't want to and in fact obama -- we want him to work for the people and everything and they are not doing it right now and hopefully this will send a message saying wake up and stop lending dustin the wrong road. >> host: and you are a democrat? >> guest: >> caller: yes. host could you voted for barack obama in 2008? >> caller: know why did not. obama did not represent my values. i voted for senator john mccain and sarah palin. >> host: thanks for the call from kentucky. we will go to the republican line. debbie from lisbon falls, maine. good evening to you. >> caller: hello, good evening

-- >> host: did you see this coming in your neighboring state? >> caller: i'm sorry, what? >> host: did you see this coming in your state? >> caller: we sure did. the republicans and maine are excited in this outcome. we'd like to congratulate scott brown on this victory. we are thrilled, and i will let you in on a little secret with our own senator snowe, february 11th there is going to be an announcement of another great candidate who is going to be challenging olympia snowe for her senate seat and the nation should tune in because i think it is going to be another huge upset. >> host: and who is this candidate? >> caller: you will have to come to lisbon february 11th to find out. >> host: no indication? you've already peace talks. you've got to give some insight. >> caller: oh no, you have to come. it's not far away, february 11th. and i should be here in maine because it is going to be huge. >> host: okay. debbie, thanks for the call. jennifer joining from democrats

lined reaction to the returns tonight in massachusetts. what you think? >> caller: hello? >> host: you are on the air, jennifer. >> caller: yes, i feel the american people right now, independent, conservative, democrat, they don't know what they want. unless you work in health care and have many years of experience, you need health care 101 to know what is going on with health care. all of the american people are saying that this health care bill is being shoved down their throat. i worked in health care, home health care for over 20 years and watched the company's dream that the medicare system. i watched the prescription drug companies work with the doctors or prescriptions to benefit them in the pharmaceuticals, so this

-- republican mr. brown is going to give to the senate -- i just heard the lady that said olympia snowe is going to have a hard battle. this leedy is a republican. but she's moderate. they don't know whether they want a conservative republican or the old a moderate republican. and it don't make any sense the way that this country is just fighting over something unless you have health care one-to-one. 80% of the people don't even know what it is. they don't see what is being billed. if they have insurance. >> host: jennifer call. the house and senate back in session this week. a week from tomorrow the president will be delivering his state of the union address. of course, live coverage here on c-span and the media network

classes been retial, here in washington and nationwide on xm channel 32. gina is joining from north adams massachusetts. did you vote in today's special election? >> caller: hi, i did. i was hoping that martha coakley had one for several reasons. first as the gentleman prior to me has expressed there is a lot to the health care. there's a conglomerate of pharmaceutical companies out there that had been beating people to death. i live in north adams where the money doesn't flow as easily. and you have to acknowledge even senator ted kennedy worked his last days to make this something for the people this was a genuine man in politics for over 40 years, and as his last year in office tried his very best to

push this off. i also wanted to say that now, you know, that we lost the filibuster, the democrats of course, there's hopefully something inside where they can push something through before mr. brown gets his hands into this any further meeting in the next week or so. president obama might be able to do something that will help the people. i believe that mr. brown winning and saying things about taxes and what have you really go to the crutch of scare tactics. >> host: he has his first thought post only a few pieces went to light by scott brown, a stunning political upset over state attorney general martha coakley ranks as one of the biggest shockers in modern political history. and is likely to set off a will

to the repercussions both large and small. chris cillizza says martha coakley lost in the rearview mirror the attention of the political world will turn to the question whether or not congressional democrats particularly in the start jumpi. democratic leaders of the house huddled moments after the results were officials to try to settle at a strategy moving forward politically. we spoke to a handful of party strategists last night in search of the list to keep an eye on and among those that chris cillizza says to watch like skelton of missouri, john murtha of pennsylvania, john dingell of michigan, john spratt is a south dakota and leon croswell fallujah among others. yes, says chris cillizza, we know some of these members said recently the plan to run for reelection. we also know that an event like the republican victory massachusetts can change a lot in the mines in a hurry. remi cow is joining from pittsburgh california. democrats line. go ahead, please. >> caller: first all i want to congratulate senator brown. he has my vote and when he

decides to be the president of the united states, i voted for president obama last year and i'm very disappointed with the way this whole health care issue has been going on. first of all we need to have an open-door policy where we are making such decisions because it affects people now is making the decision but the rest of the united states public. and the way i see a senator brown defends the constitution of the united states and as a democrat, i'm going to be switching my vote when he decides to run for president. >> host: you are looking at a scene from earlier this evening, actually this is live coverage of the solution in the senator brown headquarters and we should you earlier the martha coakley headquarters where she conceded the race. president of, calling both the winner and martha coakley, the boston herald on its website and scott brown show up the hit one of the newspaper he did it. as scott brown rose to a win at boston herald donner, three by the way we will continue the conversation tomorrow morning on c-span washington journal with

amy walters who will be joining to give her perspective, and michael of the boston globe. charles is joining from st. phill, north carolina. go ahead, please. >> caller: yes, sir. i'm not surprised at all. mr. brown looks to me as a representation of a rural america. i am a republican and the reason i am a republican, we had a president in 1865 you might recall the name abraham lincoln, and that was the only race he won based on ethics, fairness, freedom and equality for everyone. >> host: he would house seat, too but then he lost a number of races. >> caller: well, that's the only one he did win though, was the presidency. he ran for other races. but brown has really impressed me. he came out of virtually nowhere and he has calluses on his hands where he works. and driving the pickup truck mr. obama said anybody can buy a truck. go to the troy, sir on and point

it is 50%. high school graduation, less than 50%. we need america taken back. ms. coakley, you were talking to the lady -- she made the statement these are the kind people the would vote for him that shot at wal-mart. does that lead not realize wal-mart employs more people in the united states of america than anybody except for the federal government and the only difference between the federal government and wal-mart is wal-mart makes a profit? >> host: charles, thanks f the call. the boston herald, also a fixture in massachusetts politics is a commentator has posted his story available on line. he says the smoke is brown. scott brown. by some pickup trucks don't let a few flurries bother them

whether brown wins or loses. he wrote earlier the lesson is clear the people are mad as hell and they aren't going to take it anymore. he says the party is over for obama and company. bruce is joining from chicopee massachusetts. what happened in your state today, are you surprised by the returns ready to expect this to happen? >> caller: i live in a complex where it is mostly elderly and disabled, and everyone here that all i know what was going to vote for scott brown because they were worried about health care and what not. and it's said, as massachusetts says so goes the nation. i believe in the midterm elections the republicans are going to take back the majority at least in the house because people are tired of spending, spending, spending in

government. and as ronald reagan said, one of the biggest problems is government itself. >> host: thanks for the call, bruce. the story from "the washington post" again, we read earlier this state that is posd post,"n and his victory has senator web of virginia, the democrat, calling for suspending the health care votes. in a statement he called for openness and integrity of our government process. senator wed singing its vital we restore the respect of the american people and a system of government, to that and i believe it will only be fair and prudent that we suspend further votes on health care legislation until saturday elect brown is seated. jim webb the story this evening in the washington post. tim on the republican line joining from orlando. go ahead, please. >> caller: hi, tips for taking my call and congratulations to senator brown. bye calling in regards to -- i

did vote for mccain and i looked at it as i'm going to graduate college in the next year and by understand [inaudible] i considered strongly voting for obama but i looked at it as an opportunity i supported everything obama said he could do and i hope he could do it but unfortunately i am seeing a lot of it hasn't come to fruition. so, with brown's victory, i'm looking as a republican victory we did have a filibuster and delete things in the government as a whole but we need more checks and balances on things such as health care and how we give our tax dollars going to things. a majority of americans have shown [inaudible] essentially i want more checks and balances, and my brother in law and my family lives up in

massachusetts and half of them are liberals and the other half of them are republicans, so it's kind of split in the family but i truly think as a whole america will be happier with more checks and balances and the ability that things can be overlooked with a one-man party running the situation. >> host: boston.com that line is brown would have been here can happen all over america and they have the actual numbers in terms of the vote count. we've been giving percentages with 52% going to scott brown, 47% for martha coakley kaj in terms of the actual numbers though, that is about 1,161,000 votes for the republican candidate compared to just over 1 million votes for the attorney general, martha coakley. in massachusetts. you are on the air, go ahead. >> caller: yes, it is nice to talk to you and for all of you that were not in massachusetts really seeing this happen was fascinating. i host a talk show in western

massachusetts and literally three weeks ago no one would have given scott brown a chance he kept on engaging the people of massachusetts and really offering them an alternative than just toeing the party line as the democrats, and it was fascinating to watch and the way he engaged and then just took over the race was unbelievable to watch and it was an incredible i guess victory for not the republicans but to just a grass-roots campaign. he was so far back in the poll through this whole process -- >> host: short, we talked of the "boston globe" poll that had more the coakley up by 15 percentage points just about ten, 12 days ago. >> caller: yeah, and he can on my show and you could tell there was something happening with him because of the calls we were

getting. people were engaging him because he has such a candidate so far that people don't engage. he's not touching traction but all of sudden the phone lines of my program are filled with callers asking the question some of them being very critical, but he was getting traction. but it happens almost overnight, just a fascinating political situation. was to somebody who has been watching this close, what did you think about not only his victory speech, but martha coakley's concession speech? >> caller: well, you know, it was fascinating because he really i think, you know, the gas in the truck was so much fun to watch in the sense that was his real campaign is i'm one of the people, i have a truck that has 201,000 miles on it, and the coakley campaign was one of pretty sterile following the obama program so to speak, and

it just felt very vanilla the whole time, and scott brown seemed very much of the people, which was something there was very refreshing for all of us. >> host: and of course the other point in all of this, first of all this special election never would have happened if they didn't change the rule when mitt romney was the republican governor and the concern of john carey won in 2004 he would have appointed a republican governor. and also massachusetts is that for elective a woman to the senate or governorship. >> caller: you know, on the top of the fans like so many people say who would have thunk that senator ted kennedy's seat would be replaced by a grass-roots campaign of star state senator, not even a federal, you know, he liked the official. there are no statewide republicans statewide elected

republicans in the state of massachusetts than now we have one. it is a fascinating political turn of events and one that i do think could very well be across the country. >> host: agreed to give back to boston.com. there is a map on there that we want to show that gives you a sense of where the vote came from for scott brown and martha coakley. you can see the blue area in boston of course in the western part of massachusetts heavily democratic as well as martha's vineyard, and off the cape, but then you can see through central massachusetts and the outskirts of boston and southern part near plymouth and the northern part of the state that went heavily for scott brown, and there are different shades of blue and our apologies to the radio audiences but light blue out of boston common of the darker blue which means she did not get comer the coakley did get the percentage of the victory she needed from boston and the western part of the state in order to offset the strength of scott brown in the

central and southern part of massachusetts. and you can check this out by logging on to boston donner. actual numbers, 1.1 million votes for scott brown compared to just over 1 million for martha coakley. neil strine from albany new york. democrats won. your reaction, go ahead, please. >> caller: i just want to congratulate senator brown. i just want to tell you that my wife and i, even though we live in new york, drove over to massachusetts on sunday and volunteered and became brown volunteers in massachusetts and made phone calls for the senator. >> host: and what made you do that? >> caller: because we are fed up. we don't want the health care bill. the fact they would not put it on c-span we thought was all right bribery in the country and the part of our elected officials and nebraska and the

unions convinced us that we have to do something. and i hope people are around the country have the same view that we found this weekend to do this because america has to turn a silver of four of our children and grandchildren. we have to start developing new industries. we have to drill for our own oil and our own gas. we have to keep the money on this side of the water, and i hope that senator brown hears me and i hope that he and the rest of the republicans and the rest of the senators and congressmen start thinking about america and start thinking about defending knous and not giving our rights away to the terrorists, and remember that we are the ones who work and make this country go and pay the taxes. >> host: a couple more calls. first is verney from queens york on the republican line. scott brown winning in massachusetts. what does this mean? >> caller: well, it had a lot

of political implications in that people discussed what they are pretty well as far as what it might mean to the health care. ayaan hirsi ali here to make a couple comments first of all. >> host: sure. >> caller: i appreciate c-span because c-span's one of the natural operatives that was able to shine the light on the making of the sources so that nebraska got something, new york state got something, and everybody else was treated if the bill goes through all else will come and c-span had something to do with what happened tonight. and the other thing i would like to say as i was watching bill moyers, channel 13, which i think is another good channel for political coverage -- the gentleman had written a book a few years ago, and he was

commenting about why bush won and his book was entitled "what's the matter with kansas." the implication is people kansas were of very smart. they didn't -- they were acting not in their self-interest by electing this republican. now, what i would like to know is what's the matter with massachusetts? thank you very much. >> host: thank you. from the "washington post," brown upsets coakley and the massachusetts rate and that the line below that online, this election dramatically alters the trajectory of obama's agenda. we will hear more from the agenda next wednesday in the state of the union address. we will go to tom joining from milward massachusetts three did you get the last word appropriately enough from massachusetts. what happened today? >> caller: well, what happened today was absolutely of no surprise to anybody here in

massachusetts. that last call from new york harbor to thank him because we are sick of being told we arrest to bid and even to let i watched the martha coakley concession speech she was more professional than i have seen her dahlkempe -- >> host: t think -- does she have a political future for an office in massachusetts? >> caller: no, she's done. martha, we will never hear from her again. but i would say that teresa, the state senate president in massachusetts, had the democrats not heard what we saw tonight and she said the bill -- excuse me, this is niki, tsongas, the health care bill is very complex, it went from three committees and plugging we are too stupid to know what it is all about. what we said in massachusetts like richard kristen, who is a representative what we are saying is you need to listen to

us. you need to hear us. at least listen to what we are saying. and they are so arrogant they keep telling us that you don't know what you are talking about. that is and what matters. we are sick of being told what to do instead of having them do what we ask. the next in line is i would say probably representative bob in line to head his ticket punched john kerry after that we are sick of being spit on and walked over. and something else i want to point out, scott brown, that is ted kennedy's tom thorne. >> host: thanks for the call. scott brown continues to linger a hotel in downtown boston as he savors his win. the win that came to the surprise of many people. a couple of weeks ago the polls show a double-digit lead for the candidate winning tonight by five percentage points. you can watch both speeches and all of the campaign coverage on line at cspan.org. thanks for joining us this tuesday evening and as always,

thanks for the calls and comments on the special election race. again the headline the democrats now lose a seat in massachusetts. it is a 41 republicans now in the u.s. senate and here are the final returns. 52% for scott brown, martha coakley at 47% and the democrats now with 59 seats in the u.s. senate. e brown to take the seat formerly held by ted kennedy.

we continue with our look at cybersecurity policy. this panel examines law enforcement privacy issues. the stevens institute of technology hosts this one hour panel. [inaudible conversations] it is my pleasure to introduce

bob elder. in all conversations from george mason university bald joined the research faculty of george mason following his retirement from the air force as commander of the eighth there force and u.s. strategics commands global trek component bald was responsible for nine wins and one direct reporting unit with two to 70 aircraft and 41,000 active personnel. general elder was the first commander of air force that would operations and led the development of the cyberspace mission for the air force. he possesses combat experience as an air operations operations center commander with 83 combat flying hours and is what senior staff positions in washington, europe and the middle east. general elder served as the commandant of the call which and how serves a doctorate from evin dee dee to university of detroit and as we to moderate the panel.

bob, thank you very much. >> welcome the group was talking as he walked back in that one thing that came this morning is we are a longer competing with panel a neither did they have to compete. what we are trying to address is a kind of thorny issue between cyber protection and individual privacy civil rights and personal liberties, and we also want to do this in this context of how you would prepare for and deal with something unthinkable like a large scale cyber affect. so recent events such as the attempted bombing a few weeks ago on the northwest flight to detroit reminds us we must employ 21st century solutions to with protect america and protect privacy and civil liberties. weigel it is clear america's national security depends on information sharing we must maintain the spirit of collaboration that insures those that need access to information. we also have to make sure such

information sharing protect both privacy and civil liberties. it is also clear information sharing to improve national security depends on the application of consistent and clear standards to recognize the challenges and opportunities of global communications, social networks and economy as well as the threat which accompany this globalization. we must safeguard civil liberties and privacy more efficiently and effectively by ensuring only authorized users are permitted access using technology and traditional control mechanisms to monitor the usage and identify abuses. we must regulate information security with automated compliance peter monitoring mechanisms that force all of the users to identify and validate themselves and flecha tend to concede authorized access or damaged systems and data. so, we've made is not really easy. we just do all that and everything is good. that's why we have this panel here. it's interesting, we enforce the kind of standards i talked about for doctors, dentists and veterinarians it for that matter even of the mechanics. we don't have such a similar set of standards for cyber related

activities. one problem perhaps is that treating someone like our pet and having something happened to the pet that is considered intolerable, but a cyber related problem really is unthinkable until it actually happens to us. so our panel today will address these thorny issues that cyber protection against individual privacy, civil rights and personal liberties and offer their thoughts how we prepare for the unthinkable large-scale attacks that dustin the economy or we of life. let me introduce these panelists. so, first of all, christopher the legislative counsel for american civil liberties union, great crash of inspector in charge of the u.s. postal inspection service, criminal investigations for cyber, christopher, senior vice president secure information systems, pablo martinez, the special agent in charge of u.s. secret service criminal investigations and gregory, the director of the project of

freedom, technology and security of the center for democracy and technology so we're going to do of that is try to address these specific general questions each of the members are going to took a few minutes now about cyber search and seizure laws and how they would differ from physical search and seizure, who has access to databases that include sensitive personal information and also a little discussion about what types of crime really require access to this database to be effective. so i guess i will go in the order i started. chris, can you start for us? >> sure. there was a sort of grab bag of issues so i will pull some of them. i know greg will talk about them as well as the other panelists. the difference between online privacy and physical privacy is probably most obviously understood by thinking about how the fourth amendment is

interpreted by the supreme court over the last 30 or so years. basically the court has said when you are in your home that is protected by the fourth amendment however all cyber information is by definition shared with someone else and the court said in a series of opinions such information along has fourth amendment protection by definition if you share it you didn't need to keep it private and that dates back to the 70's so you can see how over the last 30 years has not everything in all my world is shared with somebody with three is financial records even doctor's records everything is shared by someone, so as a result the fourth amendment no longer does and protect cyber privacy in the same way that it protects physical privacy. greg is going to -- of the statutes stepped up to fill the gap and the generally i would say don't do as good a job as

the fourth amendment does but greg is going to talk a little about the details of the statutes. to put on the second question very briefly, sensitive information, what protection does it received, none. if you want to talk about personal information, everyone in this room basically it has no protection. it is bought and sold by axiom to explain all the time, marketing information about what you, your interests are, where you go on-line, is the other commercial information because again it is held by a third parties and those five parties on the information and typically that sensitive information doesn't receive a lot of protection and then a law enforcement can access it in the same way that many other entities like marketers and other individuals can. there's a lot more to this but i don't want to step on the other panelists so i will pass it on

line. >> thank you, chris. i think from a law enforcement and corporate perspective i wear two hats, one from a consulting role to protect the u.s. postal service and one is in law enforcement officer to investigate crimes that relate to citizens, companies and our government. i think from a search and seizure perspective, chris made a good point about having shared information across all systems in order to be able to authenticate and to systems and the like. i think from all enforcement perspective is there is not as much of a change between physical search and seizure laws and online. we still have to get search warrants and two court orders. the legal constructs that we have to build on investigation

around are still present. i think where we of the struggles are the security is an authenticating out for customers and this is speaking from the corporate hat how do you identify the individuals that access in the website from a law enforcement perspective i have a lot of trouble with the use of public records did basis to authenticate any one because by the very nature the public and paabo and i spend too much time bling personal identifying information of american citizens and others from computer systems that are not in the united states and are owned by criminal organizations to see that is an effective means in order to be able to authenticate and know who our customers are. that presents a lot of challenges.

also i think one of the point here is what access database this law enforcement have to have in order to be able to conduct investigations. i think the law is appropriate in order to be able to get the search warrants and court orders necessary to gain access to data that is held whether it is an e-mail database or whether it is a public records database in order to get the criminal. one of the most significant challenges that we have is the international aspects of cybercrime. win based on estimates and public and i would probably argue a few percentile differences, but you know, 80% of cybercrime leads us overseas. mutual legal assistance treaties and the ability of foreign governments to help gain access

to data and information about who committed a crime or where the criminal is located presents the biggest challenge in order to protect our citizens, and with that i will go ahead and pass the baton. >> i think the gregg made it very good point about the fact that laws were cyber and physical are a lot of the mechanics legally are the same. but he also touched on the main challenges the actual acquisition of that evidence and the dispersion of that evidence across the jurisdictional and geographical boundaries can be a humongous challenge both for law enforcement and investigators in the corporate world. it's so easy now to move data an entire system with fertilization technology across various borders but jurisdictional the the geographically that pursuing the data can become very

difficult and in our work we have supported law enforcement in a number of cases where the warrant showed up we went to look for the data that they requested and the data had actually been moved by the subject to an entirely different locations are now it becomes an issue of the what is the local law were the data move to it is the war and still valid and so, that becomes a very interesting challenge. i think one of the other big difference is from the mechanics of the physical processing versus virtual cyber evidence if you will you can imagine this room filled with boxes of paper that might be relevant to a case, how long that will take to go through and investigative group of investigators and that effort, the error rate relative to processing that in a digital form. that much data would probably fit on any laptop assembly has

here or even a film drive of a new film drive and how easily that can be processed, search for key words and patterns and how will that can be reproduced and documented versus a physical search. i think on the pii side and who should have access to what, chris made a perfect point. and should have access and who can access it or two very different things. most pii various forms is out there. i'm not even talking in the commercial data bases. just googled yourself a little bit and pursue the avenues of information about yourself and you can find a lot of information about you that either you posted or somebody posted about you've. i am always somewhat amused by especially younger people who for example post a lot about themselves on facebook and realize how first of all the

internet never forgets and a member to, how much people talk about them on facebook and so there are pictures of the few potentially that you never posted or authorized to be posted as your friend posted for june and tag it and such. so there's a tremendous amount of information out there about you and your colleagues and family that you may not even realize is out there and under zero control who should have access to that well of the owsley law enforcement and intelligence community should have access to it when it is appropriate for their job and there is appropriate oversight and with that oil will handed off. >> thank you. i want to touch on a couple of points chris brought away when he talked about the amount of data in a room. i will give an example, first all and i think these are big issues that face and law enforcement today the fourth amendment search and seizure and cyberspace, but let's put this in practical forms.

a gigabyte is about 65,000 pages if you print it out, just about every laptop sold today in the market has anywhere between to hundred 50 to 500 gigabytes of storage so if we do the math with 500 hard drive you are talking about 33 million pages of documents if you stack them up remember if you print something that the copy machine this deck is usually about 500 pages which is about 3 inches. it starts to add up. there's a lot of information that could be stored on a computer to be the only dates back to the old days in the 80's and 90's when we did white-collar cases where we would pull up the 18-wheeler is when we were investigating not an account or not someone who penetrated into an account but someone who basically we were investigating the entire bank so we would pull in the 18-wheeler and take the entire data of that bank. so these are very difficult challenges facing the law enforcement today if the needle in a haystack is within the 500 gigabytes of information, what

type of tools we provide law enforcements of the confined that? is a very challenging task and it's not something that is easily done and with any type of software that we provide is going to allow them to do this quick. there are going to be positives and negatives, so where i'm going is the resources, technology and the aggregation of the data some will argue it's good and some argue it's bad but one thing it does it is easier for law enforcement and limits the amount of resources and in the old days if i back to that 18-wheeler were to get pages of information i would probably have to have a crew of 12 to 15 people loading the truck. i haven't even started looking at the data but loading a truck. now with this type of data i can have one computer xm are maybe two computer firms in examiners during the same search would have normally taken 20 people. we have to remember as we get smarter we are getting smarter because we are eckert getting

more data. if you've noticed when to go to the john yet or any other food store the half the average were looking for it's not just because they have a crystal ball and figured out we need to put more twinkies or whole wheat bread. they take the data depending on your shopping patterns and, you know, the giant car, every once you have a giant car when you go to the checkout counter there's a reason the eckert getting data on use of they can have the shelves stocked with the food you want. it's making it easier for you now you don't have to go to the grocery store two or three times, you might get everything you want with one trip to the first restore. that is possible because of the data that is being aggregated, so we have to be careful when we say there's too much of recent being gathered if we want to make stuff more efficient and easier and economically cheaper for companies to do business we have to take this into account. who should have access to these

databases is one of the other questions posed to us. greg will second me with this when you do cybercrime investigations the hardest challenge you have as attribution. how do you confirm the person who launched the amount where is in fact a guy sitting on fifth up in manhattan on the west side how do you do that and so at tradition is the biggest challenge. we have got to using multiple, we have to use different tools within the tool set to go across the spectrum to find or definitively say the person behind the keyboard is the person who launched or commended the hat. some of the data that we use to preserve the disinformation and commercially accessible databases who lives at that address even though he bounced through four or five proxy's before he got into the financial institution there was a record that individual lived in that house or that individual is a relative or something. so we have to take information

from eckert databases that are commercially available and used that with some of the other tools we might use commesso for example we might have a guy who committed credit card fraud in 1985. now it's 2009 and we're looking at the individual for committing some type of online fraud. well, we find a guy, we don't know who he is but we find him at an address. the first thing we do is run that a commercial database and find out with a second, there is a guy living there and then we run him through the criminal database and find out that same individual was arrested for credit card fraud in 1995. i'm not saying he's our guy but i might have a starting point because i've taken information from a commercial database along with information from a criminal database and put it together. knollenberg to start building my case to determine either to eliminate him as a suspect or potentially he becomes mauney defendant. so i'm going to use the tools and light will set to do that

and one of the west will set is going to be informational i obtained through a commercial database. i'm not going to just rely on that because like gregg said everything we do in law enforcement has to go and we have to attain some kind of court order or legal process, so somebody else other than the agent is determining if the information that has an aggregated and compiled against this and visual is in fact admissible in court. so these are some of the challenges we face. i think in the last panel, too we had somebody from ibm talking about smart technology. that commercial was great. a smarter community. for those of you from new york or not from new york there's a thing called the real time crime center that the nypd established and it was set up by ibm and what it basically does is allow us any time there's a crime that happens in new york with her is homicide or burglary or larceny before the detectives showed up on the scene they compile data of everything that is happening within the grid or that occurred

some of the law in force that was read to execute a search warrant before they go in there they know how many times law enforcement has responded to that building, how many violations, how many people were arrested for carrying guns at their domestic calls, held there in spousal abuse is what ever. it gives more information so that law enforcement is better prepared to go and. as you guys have all seen the crime rates of new york city and other cities have gone out. i prefer to your part of the reason is because a lot of the smart technology that's going in there. so i finish off and say we do have to guard civil liberties and privacy concerns and so forth but a member at what price. if you want to be smarter, safer and walk the streets in the city you have to take that into account that in order to do that to get smarter we have to eckert a more data and process the data.

>> thank you. >> the good news the time has been passed to the last runner and i will try to run quickly. the two points. the first relates to all of this data that is being abrogated by the third party data brokers. think about this. what of that data was actually maintained by the government. it was in a government database. how would the rules be different from the rules that apply when it's maintained by a private party. it would be night and day because if the data was maintained by the government the privacy act would apply and has this concept of fair information practices had its basis where things like a person about whom personally attend the full information is collected its nose of the collection of the purpose for which the data is collected. there's the concept the data of not be used for other purposes without that person's consent or at least knowledge. all of those protections the

would apply for data held by the government don't apply when the data is held by a third party and clearly whether we ought to consider applying some of those protections to the private database. the other point i want to make is to follow-up on what chris said. in terms of the protections afforded to information that's in the cyber world for wanted a better word as opposed to an formation or search is in the physical world and one concept does actually carry forward from the physical world into the cyberworld and that is as the information that is being sought is increasingly sensitive more process must be used to obtain at and more certainty about the suspicion that you have about that person must be shown.

so for example when the physical world to search a person's home you need to have probable cause of crime and get permission from a judge. to follow a person around on the street, to see what they are up to you don't need either of those things. in the cyberworld is the same kind of concept if you want to read what they wrote in the e-mail message you have to have probable cause of crime usually and you have got to get permission from a judge usually. if instead you just want to see who they were talking to, who they communicated with need probable cause, so it is the same kind of concept where as the information is more sensitive there is more process and certainty about the person to whom the information pertains they are involved in some illegal activity. in terms of security measures and cyber world one of the most

important lines to draw is the line the government should not be in the position of routinely accessing or monitoring private to private communications for a cybersecurity purpose. that is part of what the battle is about right now in terms of privacy and security. it's important to know laws to govern the law enforcement access to communications already provide a lot of authority for the providers of communication service to share that information when they need to protect their own systems against hackers and other wrongdoers. there are three exceptions to apply both to communications and real time and stored communications. but there isn't, all of those exceptions apply when an entity is trying to protect itself.

but there isn't that congress may consider acting upon is the concept that when you are acting to share information to protect other providers, once the fight appears there is a corresponding exception to permit that kind of information sharing. with that i will pass the baton to bob. >> thanks. what we started to try to do here is legal a framework and we have some specific questions to ask, and the first question we would like to address to the panel is other than cyber for an six tools and techniques of other types of information technology does bill law enforcement depend upon to investigate and apprehend criminals and duties cyber forensic tools, techniques and other information technologies post-religious to privacy and civil liberties? so, actually, chris, maybe

instead going -- i will let you start -- >> you know, rather than say when the aclu talks about law enforcement doesn't resonate usually at least law enforcement techniques, we don't have quite the credibility may be in some people's mind, so i don't think it is that useful for me to talk about specific forensic techniques so i'm going to shift the question a tiny bit and note that there is an awful lot of this universe of cybersecurity specific techniques, specific protection practices that have nothing to do with civil liberties and i think it is worth remembering sometimes it's an artificial construct security, privacy -- if you look for example gao report on government feelings inside for security, things they saw it on network management, failure to install patches, lack of encryption where necessary, poor network management, an effective

security programs, none of this has anything to do with privacy and many cio will say i do that stuff all day. it is worth noting as i think we have this discussion that many of the techniques of all enforcement need and many of the techniques the security professionals use to protect their networks have nothing to do with personal information and nothing to do with privacy so when we're talking about security and privacy, it is just worth focusing on all those things we can do without looking it personally formation now haven't really dodged the question i will pass the baton. [laughter] >> i will take the baton and build on that a lot of things chris talked about were the policies of running a secure network, and i think from a law enforcement perspective one of the challenges that we have is

finding the artifacts to compromise within the system. and when you design your network and when you decide how the network reports into a security council or some other security measures that you implement with the network and there's a compromise law enforcement needs to be able to come in and reconstruct what happened and as a corporation or the government or what have you constructed their network in a way that will have left sufficient artifacts of that compromise so we will be able to find them and understanding how net flow works and how that in the point that it's compromised media supply malware and information gets

extracted out of the network and following the path how that information goes through the network and ultimately to the bad guy, those artifacts or significantly important in a criminal investigation and if we can't follow a to be and then we have to make the jump to f because c, d, e don't exist from the net flow perspective it makes it difficult for us to put the pieces together in a criminal investigation as pablo said to put attribution to the criminal that's responsible for that crime. so the net flow analysis from the tools that perspective is essential and a really depends upon how well the network is constructed in order to be able from the reporting perspective to do that. vulnerable to the identification is also very important.

one of the challenges we have in the law enforcement community and cybersecurity community generally is virus, and the virus manufacturer ab and see all have different and a virus signatures they are looking for in the different collection methodologies which they identified the virus is in apply across the organization -- or their clients. getting access to the information is sometimes difficult for law enforcement to ensure that conficker is the same as some other fibrous and when you aggregate those from a crime identification perspective and put those to a particular subject that is a challenge i think we need to be able to build upon in order to conduct the investigations, and that is

a couple of the keys to putting a suburb investigation together. >> greg, can i ask for your input on this, please? >> gura and as the last runner again. i like the position. it strikes me that this problem about sharing information about a tax signature seems so difficult to solve. there are all kinds of structures set up for sharing information about cyberattack and yet still to this day it seems the problem still hasn't been solved. one problem that hasn't been solved is the outburst of when you were mentioning. it's that the government has a tax signature that are classified that it doesn't share that it would be very useful for companies to have so they can look for these signatures and

stop the attacks before they have been. one thing about intrusion detection to keep in mind is that it's often done and it can be done in a very privacy protected way without collecting a lot of personal the identifiably information except toward the end when you actually identified the attacker and i commend to people privacy impact assessment of einstein ii which the durham and homeland security issue describes how the government does intrusion detection because it is a very educational peace i think. ..

>> and i will turn to you first. >> a real good question for me personal but i am looking for ways to train law enforcement, the first i want to find an investigator. that is so important. with a good investigator, he is still with the issues for court orders and search warrants and arrest warrants and has been cross-examined by a good defense attorney. his mind said going into a cyber e-mail search warrant is different with somebody who has no investigative background. first, who i want to find the best investigator.

it even the technology is getting better it is getting easier for folks to use. everyone here carries a blackberry today 12 years old through 70 years old art that sending instant message, texting, technology is getting better. i want someone who understands technology but more importantly somebody who can't learn that technology not add a ph.d. level but i need him to be able to like their reader's digest of that technology. more importantly explain that technology to the prosecutor and the judge in layman's terms. that is the terminology used with like guise of a forensic lab. when you explain the capability of something where the action occurred you have to put it in layman's terms because chances are the prosecutor that you will present the case to for prosecution or the judge has one-tenth of

it technical capabilities. you have to tell the story so that the person head says i got you are saying. that is a bigger challenge. we need to do a better job of finding those individuals if those good are taught -- narcotics and homicide detectives and getting more engaged in the cyber related investigations. there is not a crime today that is not a computer platform used to commit the crime whether to do searches on how to build something or get away with it lowered for the communications sent to the individual, whether searching a commercially available database to find out where the individual might live. the computer is a platform used in about all cases. we have to do a better job

of getting the point* across to law-enforcement so they understand that and give the best practices. how did you go about searching some think? if you're going to issue a search warrant in the house? use the same concept. in not enforcement we can do a lot better than where we're at today. >> two things. the police need clear rules to apply because without them it is hard to educate anybody but those rules are. and second the front-page story bears that out. you went to question whether those are being followed.

today the post is the fbi four years collected telephone call record two sitting-- using national security letters about open investigations that are a prerequisite to collect data information. the people within the the american lawyers questioned the activity and they were not resolved in a way that is protected of the privacy of the people to whom the records pertained. >> this happened four years years, agents raise a question and it continued and disseminate disclose today because the independent inspector general report. another thing that would be helpful for law-enforcement trading would be to ensure that law enforcement officers attacked in a transparent ways of the

activities are being reviewed for people who are not necessarily at a staff meeting with them. if not by a judge but inspector general are 70 who has more independence. i said your the year fell laws are a prerequisite but they need to be up to date and that they are not. particularly with the electronic communications privacy act that was enacted 1986. it is hard to do with the problem of content with the third-party providers trying to see how it would access content. put the whole concept was based on communications with level of protection on my computer while it is a motion but when it is stored with the third-party.

when it is downloaded onto the computer of the recipient. it is all about point to point* communications. we have point to clough communications and a number of people who are qualified to access content stored by third party. the rules that apply are either weak or unclear. we also have social never came. it is the same concept where not necessarily point* to point* the people communicating as a group come as a network. what are the rules? sometimes you can get social networking information sometimes a court order would be required. guess what? the circumstances have determined which process is required for is often

unknown to the law enforcement officer who has to treat your the process. what is needed is an update to the law to have something solid on which to train law enforcement. >> thank you. how they to touch said technical aspect of investigating cyberattack san performing computer for and six. as technology advances so do the level of the attacks. we read the news last week of google and tied up but understand a lot of the attacks nbc's today for example, not only the exploits themselves that no package exists but also the threats that exploit it will deliver on to a system. today is memory for a six of

not only acquire from the system, we also need to collect memory because many of the things that we deal with today will not ever touch a disk or memories. the old school methodology of power down the machine the image of the drive followed that is not lost. so good digital forensic a strategy we try to collect in order is memory, network, a data it had net flow is one example then finally disk if we need it. we try to optimize the disc collection to be more focused on what we need by the network data and the memory data. as is discussed half of the

laptops have 300 jiggy s storage capacity. without much can be extremely time consuming when there is very little evidence there. from the law enforcement training perspective, they need to be trained in these technologies and techniques and keep up. we have a whole team led it attacked the analysis. that is all they do day in and day out and they are hard-pressed to keep up with these techniques that the merger on a daily basis. for a law enforcement agent instead of being a technical expert it can be quite a challenge. where that is successful is training for your first responders they are trained to protect the evidence and

do no harm than you have your specialized experts who are typically focused in a couple of niche areas you brought in a case by case basis to do their thing. finally there is just one aspect for the ease of credibility that can be moved around pretty easily. something important very investigator is you do not want to become part to the problem. but now with the case, she will realize with federation the records of people that you carry around a hard drive is fears of top of the case itself to become a huge problem. both with the law enforcement that we work with, we start to see a need to protect that the evidence

and have controls around that system and that evidence. >> i have one more formal question. and this one by the way we're really excited about doing this and three twisted three other arms. the question is what is the impact on cyber based disruptions and with privacy and personal liberty? and also to expend -- extend and we need some kind of action. >> the ability to communicate his importuned. there have been different laws establish not only for a national version sees but when a threat to loss of

life when providers can provide information to law enforcement and able articulate that is needed without a court order. but it provides it intel's law-enforcement you have time to show you have probable cause. i think the government is taking better steps to allow that to happen we need to continue to develop that information. that is a big challenge for law enforcement and taking these things into consideration. is sensitive information and law-enforcement needs it right away but again has come back within a certain amount of time with probable cause with that information. >>

>> it is important to emphasize it is not necessarily impact civil liberties. you want to make sure your police officers can talk to each other during 9/11 a huge security issue. it is important to understand that. one of the things i think is interesting, senator rockefeller has a bill that would allow the president to take control of the internet in the emergency even lock the sections down in the midst of a cyber emergency. that seems to be problematic from a civil liberties point* of view but also from a security point* of view. so much of the response too any problem will rely on information sharing and technology and private

resources and having the internet lockdowns somali people talk about after a terrorist attack we need to shut down the cell phone network to make sure they cannot debt to a another bomb or something outlandish. do you know, what happens with the cellphones system? it is filled with people responding to emergencies and utilize as one of the best tools for figuring out where the problems are and where they should be solved. thank government's role in some of these as first responders is not typically reduce see a problem but more of a cooperative role to provide tools and information and figuring how to what to resources are necessary and listing private actors to help the resources within the appropriate legal constraints. in some way it is not a problem but it can become one with bad security.

>> actually i will build on what chris said with a collaboration and cooperation is key to be emergency response. whether it be the emergency response system for the organization or for your organizations and have the operational plan in place to execute. clearly, those are in place we look very closely with the department of homeland security too not all made chair best practices but also tests those plans and i point* to the effort to the we are engaged in with cyber store three which is a homeland security exercise that will enable not only law-enforcement to respond to a cyber incident -- incident but also look across all of the

different sectors that are out there in order to it understand the impacts whether the law enforcement community, a number of different communities that are all participating in that exercise. other a massive denial service attack or mal where issue, we can collaborate or understand what our roles are from the response perspective to save said day >> what we will do is open for questions. one of the things that struck me every one people who want to walk up to a microphone. what you are talking about one of the law enforcement people or businesses

protecting civil rights come of both groups were equally determined to insure that law enforcement was able to operate at the same time and both groups are very sensitive to the civil-rights. it has been great working with this group. do we have a question? >> my name is david and i have been working with december security, cyber warfare area for a number of years. and in 2007, there was the exploit of the wi-fi chip set that enabled the hacker using another wi-fi device too basically its plate your colonel. what that did come a placed at risk over 83% of the entire world's days of wi-fi equipment.

i and a stand very well my rights and the fourth amendment. one of the things i like to argue is that if a hacker went ahead and perform that exploit on my ipod or wi-fi whether or not it is my personal device or weather not it belongs to my company that it in fact, is like breaking a window on my car and stealing my gps unit. it is like a home invasion. i should have a right under the law to have that act a seeing a tip on my colonel and taking over my personal property and essentially using that and placing morale wear on their property, that should be, if not already a crime. because it is an attack that

attacks the body and my a right to own property security. other constitutions are under the fourth amendment. but if we consider that kind of attack to be of lawful, which it should be if it is not already, we should be enforcing against the lead jig perpetrators protection to me or my company over to this is a sense in the businesses of united states of america. the full force of the law. if you can do that effectively , now basically you have gone ahead and reduced the potential effectiveness of an attack which potential the endangered 83% of all wi-fi. >> so your question for the

panel is first, is law-enforcement currently considered the of the galactic and then i guess the other question is since you have been violated in this way, just like your house broken into, should you be able to get the full force of the law to deal with that? and with the celebrities peace. >> if we did that would that not be a more effective way of enhancing the cyber security of the individuals as well as infrastructure and government? >> let's turn it over. it is it in fact, a violation of the law? >> when it: -- fall under the computer fraud? and easily protective system?

is it secured? did somebody go win without access? did they not have access them by breaking and come me throwing the rock through the window, and they have broken into the place. and did it exceed the unauthorized access. so we have to look at those two and ftse of the false in one of those two scopes with several others. the biggest, the dilemma that you bring up his with technology changing at the pace that it is changing to we have laws staying at that pace? maybe that violation is not covered under 1030 and maybe it should. imagine how difficult it would be for law enforcement too continuously change with the pace of technology. if their bosses an intrusion

committed because of an individual. you can report statues but with that allow law enforcement to do that? and somebody broke and using your system with 83% of the wi-fi system, i now can get your permission to monitor his activities and his only three years system because he is the unauthorized user. i can but whatever type of surveillance equipment i want to monitor his traffic. i have to have your permission but because he is in the system we are allowed to monitor what he tries to do. that is important because now i can see his intentions. is he trying to bring down the other 82 percent across the country? that is what is important to us. there are statutes that are

helpful but again again, technology changes so rapidly it is one of the biggest challenges facing law enforcement today. >> it is interesting. it is precisely the kind of action that some other groups applaud. individual action against somebody who you suspect has broken a crime for a lot and have evidence are probable cause to believe of course, everybody wants those people to be dealt with or arrested are put into jail. who we tend to complain about is the host -- wholesalers. let's watch everybody and look for information. and troll for criminals by processing the enormous

whether communications traffic the wholesale vs. retail surveillance. if you have evidence of the crime and lead to investigate that crime with whatever tools you need to do that within the framework of the probable cause totally appropriate. >> just briefly the second part of your question here comment was pursuing the perpetrator but one of the big issues his computer crime in general. how will you know, who did that? that ipo was already compromised and using it as a jump point*. getting to the individual is very difficult and a second

double maybe not in the united states. maybe in another country where it is not against the law. kidding into very quirky areas of have a lifeline separate -- prosecutor and can i prosecute maybe? >> grew not only give you the last word but the last word of the panel. >> it is a resources issue. i do think this is a computer trespass that is already a crime. there is the unauthorized access to a computer or commuting device and almost all of them are now. i think there has been a violation buff so the question is there is not a lot of prosecutions. but there are choices for law enforcement to pursue their crimes is another.

>> thank you all for your attention today. >> let's think the panel. [applause] >> at&t chief security officer amoroso spoke for 45 minutes at the cyber security conference at the stevens institute of technology's to make a key for joining as. what we would like to do now is give the opportunity to listen to lunchtime keynote speaker dr. amoroso is senior vice president and chief security officer for at&t services. he is responsible for the realtime protection of at&t's vast network of computing infrastructure including security policy, planning and architecture coming digital rights management and

support for the tv and entertainment initiatives for keira and heelys support for them bandaged network based security services. as for new jersey beginning in the bell laboratories working on numerous initiatives and author of research papers and four books including cyber security from silicon press which was written from three years. he also holds his ph.d. in computer degrees and a graduate of the senior executive program at colombia business school. he has judged there the past 80 years and his work has been featured in the "wall street journal." please join me in a ball coming dr. amoroso.

[applause] here we go. talking about critical infrastructure from cyber attacks is a topic that i think is on a lot of people's minds. my career personally has kind of tracked the past 25 years the evolution of computer security. we went from a discipline that was primarily focused on a small system with two problems are in now that they're much more complex and the old methodologies for using computer security may not match to will the way we do things now. starting with a picture of the at&t building until after the bombing in 1941.

but the obvious protection approach is the idea to build a fairly far urge fireball around the building. in those days you do not have the type of shattered glass be put in no. so had a grenade then thrown out through the class but the ltd notion of for the assets are in this particular building could have been anything. in the context of large-scale infrastructure protection, this is not recommended, although just about everybody in the ruby their works of our manages in infrastructure protected primarily using this type of approach. it is something that requires introspection. they built up question is

there even a perimeter anymore? something to keep in mind. another picture, this is an airplane that occasionally i will hawthorne to visit my boss and texas. you cannot see because my iphone camera did not have a flash. you cannot see all of the signs taped on the lowballed. i went ahead and put them in there because i think this is also a good paradigm. let's go around the horn. there is a sign that says restricted area. i don't know what that means. this signed -- cider other side of the board? >> it says emergency push to open then the skin down it says stores do not open. you clearly have a problem. you can see how somebody

decided they would take a bunch of messages. no-smoking that is a non securities sorts of things, a safety issue but it calls into question of what security does today a lot of jumble of things related to protecting against attack and other things. not motivated by security concerns are maybe an acceptable use cullis chief. brief prepared. at number seven number six. staff prepared. [laughter] this is what we do. think of the last picture i sure do that has a big fire wall in time of the -- in front of the infrastructure with a complex set of policy rules and welcome to come purity-- computer security 101. this is how we protect infrastructure.

and almost every case i have had the vantage point* where k with at&t working with every dealing with fortune 1,000 also soredium and sesnon to have a large perimeter with sound -- sandbags then take the messages around authorization, authentication and access control usually causing great confusion for the end user. the second message is that is not recommended as well 10 years ago i started to collect and i thought it would lay out basic principles, 9/11, i was actually coming to visit this building, the reagan building committee to

washington and pledged -- putting the finishing touches on a book for the political of the structure then 9/11 happened. i was so effected that i wrote -- rewrote to the thing. maybe it was my mood but i felt that after i read every right i was shouting every sentence. if we don't do this. all of the underlying words in what i was right thing. i put the book aside and smell the roses and left it there for about six or seven years. last year at the suggestion of my wife i picked it up again and thought maybe there were some things i could do to dampen the shouting. i have written with it and i am negotiating with publishers now. i will take you through the 10 basic principles that i see as to protect critical infrastructure. to become it is obvious but some of view you will think, does that match the

way we think about computer security today. maybe a couple you will finally disagree with that it is based on empirical and thinks that i have seen that make sense. let's start with a picture you will recognize. we do not use deception for whatever reason. there is a bias against it. i am not sure why that is how we catch benedict -- creditors on the internet. the idea we would present to hackers or terrorists the interface that includes intentionally planted vulnerability is something nobody thinks about. seems that should be a regular course of our best practices. with few days if you are an attacker looking for vulnerabilities thinking how different the you think about that problem in some of those could potentially be misplaced connecting the honeypot resources.

very, very limited r&d i would strongly urge you turn up the crank to up about 10 with the intensity the views saying pratt deception here it is an important point* and underestimated. also separating assets three design. when domain is moving a fire wall between the enterprise and the internet. that does not work but instead if there is a particular asset, think the training programs you may have in your organization. they probably sit behind the enterprise firewall and everybody goes about. and if you need to get access from the outside like a hotel room, you connect to the wi-fi and negotiate

and to the enterprise and do the training through gateway , and a twisted concept to funnel to gain access. what people started to do was push these types of assets out. there is a bunker with the internet door access locations then suddenly that changes a lot. you have taken an asset and separated it from the enterprise and you can protected properly. what is more you can even provide access to these things that makes a lot more sense cent to nine back to the enterprise. the second basic principle is finding assets that are important and providing protection is a better now part of the day to day protection. we really see it done.

number three is of that half of view in the room will nod and maybe want. the idea of a diverse set of computing and assets will bring strength to an organization as strikes me as obvious. you don't want is an attack with a cascade. you can build an attack that flicks a match into the organization and then it can cascade. just like the wurm program. it is a three line program. you find this system to copy them remotely execute on the target come it will then go off and find other systems. remotely execute you have copied and it will remotely executed has copied and it is a cascading effect. what happens when you see diversity?

one of many cases but there is a school of thought that says put all of your 871 basket and get a correct but my observation 2010 we as a community have a difficulty to build software that works properly so weird be better served to have diversity not only at the sir level but at the top level. but to have the structure for the entire organization surged by one computing information is a mistake from that perspective break if you talk about stop being capable of tax this is an important and worth pondering. this is a picture of the skin on the lunar module prep out with the smithsonian and basically had a piece of tinfoil.

[laughter] i'm not sure if i would of had the guts to get into that thing, and a wrench. and how many of us have computer security programs that are kind of like this? some protection that we presume to be the primary control well something is wrong if you are doing that. it probably would not be terrible controversy for me to say as the protector infrastructure but look at the enterprise and try to understand what is there, it is not there. of butter times if you go through the internal audits audits, you may find the fire wall and we will support some protocols allowed to a fire wall but

that is not an acceptable primary control to protect much of anything. you can see. we are little zero more than halfway through. this is a lot different than putting sandbags up in front in the enterprise and access rules in and out of the way people use the system is. it is fundamentally different. the way we train computer security professionals is a rigid in the first two pages which i suggest it really does a ripple through. >> it very well could be that the training would need to be rethought. balancing layers i think is important component as well. back when then tsunami there

were natives two through the sense that they had the understanding, it is hard to put into words, they needed to go to higher ground. they had somehow figured out or part of their instinct to correlate a lot of different things and make a decision. you ever worked in a security operations center, you will have that idea that based on data coming in and some external data were some human intelligence, a lot of times there is a decision to turn some think off horse your traffic in a different direction procure wish i could tell you there was a scientific method totally. if there was, the possibility of automating a

security operation system would be more reputable. maybe it is a gift. but there is the and $0.8 an ability to correlate data coming in and to make decisions. in my own career i can probably count a dozen times a day subjective decision is made around 34:00 in the morning about something when you have one hour to make the decision and you just do it. you know, that beautiful child somebody made a decision that saved her life. i do not want to play. of the hhs secretarsecretar y is experiencing and could have an impact on the essential services. when we talk about critical infrastructure, we mean by the systems that are essential to our nation or society.

we're not talking about entertainment are gaming but critical essentials services that are relied upon. over the last 20 years the power systems the direct control systems with computerized network access control with electro mechanical systems that we depend on. how is this done? in many cases soviet idea that we would learn to correlate and make decisions real-time during a cyberattack is still somewhat of an art that illustrated the human element that 2010 needs to be there. that is not part of any

security that you have to have human beings but that is my a observation. this is interesting. collecting data intelligent may i have had the opportunity a couple of months ago to spend a day with a group of privacy professionals can aa speech and spent the day wandering around going to different booths and trying to understand the privacy community. it reminds me of the '80s. there is still some question to the key initiative. 100% of the vendors their summing things are selling identity theft protection. the folks i was there, i was a guest of a group of folks said misspeaking, is it in the theft really the essence of what you are about?

they said no. it was awkward because 100% hard trained so i guess that is the financially driven component. almost every talk has something to do with advertising for online advertising that when you visit a web site, a cooking innovation and passed along and you may or may not like the fact when you get the mail about elephants suddenly you have to towers on your screen trying to sell you tickets to a circus. but that fundamental issue the idea of protecting one's privacy to the revolution and the way we do advertising. we don't think that is it the there. the traditional issues working in the of waste area with a encryption, providing

confidentiality with voice communications i think they would say that is not yet either. it is not an indictment but i just say the group reminds me of computer security because of the '80s we were not sure either. there were a lot of issues that we knew were right and it took us awhile to figure out what it is really about but part of the problem is collecting data and using it intelligence chief. anybody collecting data recognizes the first job is to make sure you're being respectful of privacy but if we cannot write a clear definition of those requirements it is tough. everyone in this room would say i can point* to this or that but i recommend if you step back and think about it there are a lot of different

camps and questioned how privacy in to the use of data. it goes without saying to do computer security property you have to collect data and there has to be the notion of observation and expectation. there was a wonderful pay burt pretend and i remember saying this is maybe the most important letter ever written in cyber security. she said did you collect data and do can build a model of what you observed, before you do that, characterize what would be measurements from that. could you build a profile of what is expected compared to write you observe and if it is expected and observed commemorating a bell.

if you collect data and a curve always looks like this every day. monday, tuesday, always the same then on thursday it looks like that, then ring the bell there may be a security issue. it seems so simple but nobody was doing it then. we build that into the systems in the '90s. that is collecting data and using it intelligently. but in the context of large scale everest sure what is the privacy issues? this is something we have to hammer out. something we need to decide. to remind to collect data for the purposes of cite -- cyber security? it is an open question of and one that we need to spend time it debating. this question it these

picture is a hoax. it sure looks like they are touching. it is amazing. but the concept is situational awareness, understanding the safety status of infrastructure is not part of traditional computer security because it grew up around small systems and doesn't make sense to think about situational awareness if you run a work group group -- hub with a gateway talking about a large military organization that is computerized and that worked, situational awareness suddenly becomes absolutely essential. every morning and my group i get the encrypted news flash

that tells me essentially what we know and the last 24 hours. in each of the eight out warships and a set of notes based on what comes in. human beings interpreting. remember my earlier comment? it would be nice if i could teach the automaton to do that and sift through the data with your interpretation of what is going on. fed is not right. there is situational awareness that begs a human element. i don't know if that is good news or bad news. i thought a lot of how you take different functions protecting systems from cyberattack and try to automate them. put something in place and don't worry about it and less lagos from green to yellow or yellow to red.

maybe it is old age but i believe human beings will continue to be absolutely essential in the day to day protection of critical ever structure. this begs the question how do we train them? i said earlier i think we can do some dusting off. there are things in there that point to things that remind me of 1975 a bias toward security and almost no mention at all of modern research and various it still in there about the way we use different protection and principles perpetrating is important and in particular president obama has recognized each are getting more interested in mathematics.

it might sound funny i am talking about critical infrastructure and also big game that we somehow train every youngsters to get interested in math and science and engineering. we will need youngsters to enjoy doing this sort of thing and i don't think we'll ever automate to waive the analyst some of you and the back to not know what this is. it is circa 1935, demonstrated above that locks the hand and tell released by the police and thus resetting the false alarm. she has a big smile on her face. she really believes they will come rescue hurt us the flames licked her heels she is willing to lock her hand into that box and confident

somebody will come running. this is from cyber security and what i have seen in the industry is a phenomenon called the 55th stage of the first job. if you work at a civilian agency and the government and and 80 percent come inevitably somebody will come to you and say guess what? i know you have 50 jobs or ray bree your doing and to their response as the 51st job then you today call it 2:00 in the morning. you are taught or hope and pray you do not ever get the call. you are trained to have every response occur. if you bump into somebody in the elevator and say hello. i have not talk to you. new incident response. [laughter] chuckle.

that is a conversation that occurs. that is the inverse of what you actually want. we want is the response to be this voracious dependable constant set of processes that go on and make a big fuss. here aren't two words are like to see purged as a false positive. those two terms have done more to damage our industry than any others. it says don't waste my time. unless you are sure the systems are crumbling, don't wake me up. what if a doctor said that at the end of the day? it is a bad day. nobody died. these people wasted airtimes. false positives all day. [laughter] let's turn mess so we do not have to unless they are

really dying, welcome to the discipline. we respond to the catastrophe and if we don't we are in no way. would give you an example it is not unusual for me to get the incident response called when that so many people are misbehaving. you might ask the question question, and as you yawned and take your cup of coffee at 3:00 in the morning are in a customer's completing? no. my boss? no. is there any impact? and no. follow that up with why did you wake me up? we understand if you make a fuss about the indicators 100 times one of those you actually get something before it hits. in 2003 when the slammer worm pit, it, i can only

imagine. i only had him standing in my hotel lobby and one of the guys said i want to show you something. january 5, 2003. look at this. they have gone nuts her price said okay. i didn't even know that what it was. we watched it. it went up and up and somebody was trying something on january 28 the slimmer wurm and we said we just watched somebody trying apparently the terrorists doing that could not get the software right either. we can write software against hacker have been trying all month we watched it so since then we built up a whole discipline around watching for evidence of somebody is trying something

and if that particular port or protocol is indebted and something important i turn it off or make a judgment call. which is more important? should the sales teams have access over the weekend to call in the sales results levying the enterprise open to the attacker would be a good idea to put the switch off? over the weekend coming keep the eye on and is something big happens over the weekend , do you get the point*? it is all of these things firing on all cylinders. it has nothing to do with those sandbags out front or all of those rules about who is carrying facto can and it has nothing to do with any of that. this is modern protection vs. all-time computer security.

fundamentally different and we will say goodbye to our smiling response%. i went to dickinson college in pennsylvania with my undergraduate. i visited the campus about 40 minutes from harrisburg pennsylvania. right after the three mile island disaster. that shows great judgment on my parents bar. [laughter] ♪

thing. like what is of our favorite monitor security through obscurity, and were hahaha. i get that is and how you build the cretul algorithm and hide the design detail hoping that will obscure the ability to hack it. but we can't for the field with the bathwater. the idea we would work in a critical infrastructure setting to maybe take a page of our federal government opened. federal notebook is usually pretty darn good about keeping fundamentally important critical infrastructure details hidden. that's been my observation in corporate america and in global sort of corporate environments not always so good. i see people coming youngsters

coming out of school to get a job at a bank the bank will give you a desk and pc and a truck your local area network which you can basically see everything. there's no concept of compartmentalization, there's often in proper marketing of data. like you will go to a meeting with the company and they will put up financial data that's marked at all. when is the last time you dealt with anybody in in the intelligence community that had this marked classified data? never. something that is so invaded and ingrained in the culture that i think we can act like to get page of the notebook and learn a little bit from the idea that maybe we can't have a system of laws along the lines of what we do in the intelligence community but we can certainly one to compartmentalize. you don't have to raise your hand but thing on your own here. how many of you leave your organizations have data markings that actually go to the level of project? you probably don't. you probably have some

proprietary thing and then maybe something about that and that is about eight. so if something is marked proprietary that means of yesterday you didn't work for my company you can see the you manage to get a job welcome to the company, here you go. you might work for three weeks in the company collecting data, you know, building cds of information and then quit and go somewhere else and do that. that is insanity that we will allow that kind of thing to occur in our corporations. i think's less so in government and more so in the corporations, so the idea of discussion is probably not known well in security circles but something we need to take more seriously. you see the wisconsin fan of the navy football games in the middle that's kind of a picture. the point here being everyone around that fan has something very common manly colin configuration the way they are

dressed and know that when you are building the operations we said earlier diversity was important but configuration doesn't necessarily have to be diverse. so finding some element in your enterprise organization network coming your systems that has some degree of commonality with respect to in all the standard or best practices is absolutely essential because when you see a deviation from that it sticks out. so i think that as well as as it hurts me to say this all these audits that i go through and you guys go through probably better than not, it really is something useful to have these types of audits. one thing i would ask and i know there's members here from the committee it would be nice if we could come up with one sticker you put on the lamp when you install a lamp and says ul approved on a. that is one sticker and it is an approval and everybody kind of biasing to meet. how many stickers you have on your enterprise?

you have sas and pcie and iso stickers and you get alphabet soup even your customers were internal audit team or externals they are putting their stickers. i have the equivalent of a lamp in at&t that has so many stickers you can hardly see the land so a would be nice if we could have some degree of consolidation in the industry. but the basic underlying pherae is still sound. that by promoting some degree of commonality in our standards and the way we do operations it highlights changes. so, i think my message here is that instead of firewalls and access control as the way we protect infrastructure that is as different from what we really need to do as maybe a bicycle is from 747 airplane, right. when he wore dealing with large systems, complex systems they

are fundamentally different than what we have been dealing with, say in a local network of a fireman. sestak the security books in yourself, including the ones i rose, pushed them off to the site and we need to start making room for a different way of thinking about protecting systems. with that i think we can take a couple of questions. i think there is a microphone in the back and if you raise your hand we can give you the microphone and happy to field some questions. >> as one of at least to microsoft people in the room, the strength for diversity thing i kind of get them but i think it is actually suggesting the wrong notion. surprise, surprise, why? [laughter] but we are talking about strength terse software integrity because through diversity as of this antiquated as we start out. the ecosystem regardless of its

software or other software it is fragile with all the abilities and were cutting practices that have been in place for decades now so we are at a point we are trying to teach that the ecosystem at large and is not just our software and microsoft that's bad, we are the ones in the news a lot because this large installed base obviously but i think we have to fundamentally get after the integrity issue around software and get out the practices and that is when i start seeing a profound difference in the kind of ecosystem that exists out there. that is just my comment. >> i don't disagree to take a comment what you are saying essentially is that software doesn't have any integrity right now. it's hard to find an industry like software anywhere in our society. if somebody tells you something that is knowingly broken like it, which we to have bugs and that routinely patches are issued and we accept them like an enterprise everybody stops particular day of the month and

we take these patches many of which are pretty critical and we chop them into the system at our own expense and by the way, very, very suspicious of that whole process because the number of patches you get from typical vendors are about the same each month and usually with christmas off, so in doing testing that's not how i find vulnerabilities, why? and i have a horrible image that maybe somebody has a library shelf of vulnerability somewhere and a little rolling letter saying what should we give them this month? how about this one and what about that one quick did we dream of critical? let's not do eni more. that is already too many and then you wait until the software can be discontinued and very the software with its vulnerabilities. i get that. i don't know how to translate into action. we can all say we need to do a better job of software but welcome to the central problem in computer science. eckert dykstra is probably the

greatest computer scientist who ever lived, died two years ago. he devoted his career to tell when all of us you better slow down because we don't know how to do software and if we keep going at this rate we will see catastrophe. he used to make a joke about a big fat word processing documents he said he learned physics and i don't remember what but he said my physics book, the duty of the physics i learned in about that many pages and my word processor mandible is about that many pages. what's coming on here. i learned the duty of physics in a fare as many pages as one program that runs on my computer. he didn't even have a computer. so, yes, i agree it is an integrity issue but again i don't know what to do about that except maybe try to get my kids to study the mathematics a little better. so yes, i get that. now the fact of the pieces, the basic modules, the building blocks of the system software don't work very well and if there are any software people in

here who don't agree, speak up now. the only way i know to deal with that is through diversity meaning if we were getting things perfect, fine, but all of your eggs in one basket and watch the basket do it right as andrew carnegie said that is how you get rich. but if the eggs are fragile and braking i don't want to put them in one basket i want multiple baskets. point well taken. >> [inaudible] >> right. he is saying be careful you don't want to sensationalize and say diversity. nor do i think any of these do. they are just in my observation i will give you an example. in telephony, there's a lot of telephony people here there are still in the vantage having circuit switch infrastructure separate from ip infrastructure. when you have a problem with when you don't lose any sleep if the other. we know where we are headed and my hair will get a little gray as we get to that point so it's clear to me there is a degree of strength to diversity.

during an incident response called one of the best things you can hear is don't worry, boss, that's incompatible, diverse, it doesn't connect still and you go boy that's a good thing. it is a nightmare but from the security perspective the fact that things are not interoperable sometimes save you about five hours of sleep so that is a fair point. any other questions? >> critical force protection agency. regarding first point using the deception a lot of talk has been and there's a community about using honeypots and gathering data intelligence data for how to protect your network, but regarding the fact it is an extreme resource called to manage that plus would you are already doing makes it challenging for small and midsize enterprises to do. is that something that you such as at&t or mr. sacks as a

service provider can in a sense provide as a service to provide the kind of data back down to the small made business enterprises to leverage the knowledge and the data that you collect to better protect the people that are connected to your networks? >> i think you will see more services, more managed services in the honey pot. but let's go back to the earlier question of around whether it is a resource hog. when you drive up to my house there's a little sign in the front that says this house is protected by such and such security and i shouldn't say this but i hit those things, i turn them off but i would never move this line. i love this sign because it basically is telling somebody you probably don't want to come over here. i'm kind of lying to people seeing that i've got something there. if, for example, you and i were running some big piece of infrastructure and we've got a press conference and get up and

say we are here to make an announcement we have put a bunch of fake vulnerabilities into the systems. they are going to look real but some of them are fake and a connected them off to the honeypot systems. we think that this was fundamentally improve our posture. thank you very much. no questions. then we walk off. now there's adversaries sitting there going could they be crazy enough to do that? and then you go scanning the enterprise and with uzi? tonnes of the liabilities including the ones you and i don't know about. you've just introduced an unbelievable amount of uncertainty to the whole game. it's like well, this is a subtle full verbal the i just found. it is a hole right into the enterprise, could they really be that stupid? this can't be. i'm going to go hack somebody else. it's the same thing as the sign. i'm not saying that is the way you do it. i'm singing the research and development in that area has been so thin that it's almost impossible for any of us to give

good empirical analysis on how these things were court would work. we shied away in computer science departments it is generally been socially acceptable to work on cartography if you do computer security but if you say what you work on is telling lies with software you're going to have nobody around you at the cocktail party, so we need to change that a little bit and i think the deception needs to become a little bit more acceptable. i think we've reached the end. thank you very much. i hope you enjoy your lunch and the conference. [applause]

now a discussion on palestinians particularly those living in the gaza strip. nearly three-quarters of those living in the palestinian territories are under the age of

29. the brookings institution in washington hosts this event. it is one hour and a 20 minutes. >> good afternoon, everyone. the panel is here and it is cui to be quite a task to come after jim wolfensohn and strobe talbott but we will try to do our very best on and on residence senior fellow with a double fence in center for development and i am delighted to be moderating this very distinguished panel. we had the pleasure and honor of being joined by representative kip ellison from the district of minnesota of the u.s. house. his philosophy is as he

describes it will not generosity and inclusiveness and he is tried to reflect the concerns of his constituency in the work that he's doing in many areas including human-rights and he will talk to us about some of his experience in visiting gaza. to his right is daniel levy senior fellow and co-director of the least taskforce that the new american foundation, and he comes to us with a long experience of negotiating peace agreements. he was senior adviser to prime minister barak. he was part of the israeli delegation to the negotiations, some of the results of which

mr. wolfensohn will just mentioned. to his right, amjad atallah is the co-director of the middle east task force the foundation and a specialist in negotiations in conflict and post conflict situations. he has a device to the palestinian negotiating teams in view of the person who advice is release and to advise the palestinians and as jim was saying earlier they're talking to each other and they are friends so there is hope. then to my immediate right we have andrew whitley from unrwa, the united nations works agency who has a and involvement with palestine and andrew is also an earlier life as a journalist with a financial times and other

prestigious newspaper so, and he actually wrote 20 years ago a book about the future of the economic future of palestine. >> not a book. [inaudible] >> and finally we have edward sayre, who is an assistant professor at the university of southern mississippi and the author of a very interesting piece of his book, generation in waiting, which is the sum of the work to date of the wolfensohn center on the middle east youth initiative and it is a joint publication of the wolfensohn center and the dubai school of government and edward also spent quite a bit of time at the palestine economic policy research institute so we have a panel of people who know whether

have demonstrate their commitment. i would like to start with congressman ellison and what images struck you when you visited gaza and ted ury of last year. >> that is a great question. first let me thank mr. wolfensohn and mr. talbott, the brookings institute and a new america foundation and all of you. a year after that very catastrophic said of defense we know now as operation demonstrates the world's attention hasn't been taken off this crisis and i think that is a good thing. you know, as i think about what i saw a year ago and what i hope to see in a few days when i go back to gaza, a reporter asked me one year later what has been done? it seems to me, speaking from the reporter's perspective that nothing has changed. my response to the reporter was

we would be fortunate if nothing had changed. it's gotten worse. the fact is since the operation the factories we toured which were bombed out and destroyed will clearly have not opened again. the hundreds of people working in particular biscuit factory are still unemployed. a group of men that i walked up and was talking to had constructed like a little hot from cinderblocks that wouldn't be surprised if those fellows were about the same age as i am, you know, they've got kids to think about and wives to care for and families to think about. they are probably still not working at this very moment. i went to a grocery store at a camp and i was told that there was a shortage of shekels in the economy, just paper notes, they didn't have enough, so i decided

to buy some stuff and give it to somebody and i did that and so i bought some candy bars. i was told they came off through the checkpoints which are still closed, but through the tunnels from egypt which have increased in numbers and so when i bought these shackles i mean, when i got these candy bars like good and evil these candy bars so i gave them to the kids outside and then they all kept coming up and i was told these children, their parents can't buy them these candy bars because the premium the displaced on those items is too high for the average to possibly afford. those children who went to the school maybe they went to the american school in gaza. that school was still destroyed and bombed out and before the bombing you could have gone in and perhaps rebuild and no concrete, no class camano items have been put forward to build that school back up and the

people who ran the school, who started the school are still jamming into limited space to try to educate children. we went to the hospital in the social room which had the most interesting depictions of disney characters coming to fi and the cartoons painted on wall. one half was disney characters and the others were remains of what used to be the wall. i'm pretty sure that paul has not been repaired and that the posttraumatic stress that those children have been suffering from has not been in alleviated. i am also sure that the children in southern israel we men are still hoping and praying that a rocket doesn't hit their home and they're still running for bomb shelters as deeply in playgrounds. it's still very awful conditions

that would make a few more points as you ask me what's changed. since the operation we all will remember i don't remember if maybe netanyahu and the conservative coalition swept in would be there or not but they certainly are there now. it's clear israel's to plot a position has slid backwards. they used to have a working relationship with turkey that has been damaged. larocco, they've had relationships that have been damaged and i think diplomatically and since the ecclestone report was released clearly there has been diplomatic damage to israel and the fact is i think in the final analysis it has been catastrophic for everybody and so we passed the credibility of the united states congress has

been hard -- >> sorry to interrupt you. i know it's hard to stop talking especially that the numbers are indeed quite shocking. just to illustrate -- too can i make a quick announcement? forgive me. next week the doctor who lost three of his children and a niece will be on capitol hill on january 20th and you are all invited, and he is alive and teaching in the university of toronto but is teaching casualties and we also are preparing a resolution filled with quotes from the american public officials on the need to address the humanitarian conditions. so with that i just -- >> we will come back to you. this is not you're only chance to speak. [applause] i just wanted to illustrate a figure that the congressman just talked about the destruction of

the capacity in june of 05 before the withdrawal they're worth 3900 industrial establishments in gaza that occupied and in .35 thousand people. in december of 08 of the 3900 had become 200 after the operation it had become 70 and 35 dozen people employed have come down to 1900 so it's those numbers we should ponder when congressman said the situation is not the same it's gotten worse and we are lucky that andrew here has a longer view of what has been happening in the occupied palestinian territories and when you see today and where we come from. >> thank you very much. ladies and gentlemen, in september, last september, the

general assembly of the u.n. called solemn commemoratives event marking the 60th anniversary without a cause of celebration because mof to pause and reflect on the fact the refugee question still persisted 60 years on. the speech is really didn't matter and they didn't last all but what really made an impact on almost everyone who salles was a huge poster the we had that draped the entire general assembly building which was very dramatic and it was a montage of pictures of young happy smiling boys and girls jostling for attention for the camera holding up little items and the slogan underneath, peace starts here, and that is our goal that we believe it is the young people many of whom are refugees in gaza, 70% of the population are refugees. 1.1 million are registered with unrwa after the total population. and these people clearly are so yearning and desperate for someone to give them something

tangible to hang on to as a means of hope for the future. and indeed as you heard from other speakers the prospects can be. john has just been referring to the employment statistics from local manufacturing while virtually all other alternatives for sources of employment have also been progressively eliminated. as jim wolfensohn was very well previous means or seven-point used to be a day laborer in israel. that is closed and gone. there used to be an extensive agriculture in gaza. almost completely destroyed, almost completely gone. virtually no self reliance. the fishing industry almost completely decimated. the local manufacturing as subcontractors for its release the five companies is business links. mr. wolfensohn refer to the business contracts between the west bank and the israeli companies. sightly that is not happening for a highly entrepreneurial

balsa business elite and that is tragic because these are the people who can provide local and planet so what are the alternatives for young people? to you can work for the hamas security forces, you can be on the payroll and be able to be a doctor or nurse or engineer but there is a limit to our ability to support people and it's not our job ultimately to replace the private sector or else you can work in the economy which as been a thriving business for the last year. and that unfortunately or fortunately from the point of view of cutting down on the smuggling but unfortunately from the humanitarian perspective because most of the goods coming in have been essentials to the life to support people looks as if that will be cut off, so once again another door will be closed and i would very much hope the counter to that would be that there would be relaxations of the israel crossings and i'm not sure that it will happen but we must continue to argue and advocate

that it should be because clearly the alternative is going to be continuing deepening sense of isolation, frustration of radicalization and what has changed in the past year is virtually nothing in terms of the condition on the ground except that hamas is much stronger than before. hamas is more entrenched in power. it is the population is more radicalized than it was. i am not saying hamas is more popular but it's more powerful and more determined to exert its own authority over all aspects of life. >> this is again a very sobering picture, but there is a need to think a bit more specifically about in this overall picture of what is the potential for the youth to find a way towards hope, employment, and i think edward, i would like to ask you to tell a little bit about what your research has been on these

issues. >> just to set the stage a little bit to think about, to come back to some of the things representative atallah said as well as mr. whitley the patrician even before the gaza war plus in the gaza strip especially for the youth. if you look back at what happened in the previous ten years there is an average having of the income from 2000 to 2008 already and this is largely due to the blockade that had been in place for several years. but in addition to that, the dire situation for the use of casa de beat de gaza as much more severe than was going on in the overall economy. some basic statistics about this include the fact that over 75% of the population of gaza is under the age of 30. approximately 30, 32% of that between the age of 15 to 29 and the rest is under the age of 15 and every colewort, every new

group of students that enters the school systems and gaza is the largest on record. on the other end of the additional system, the students are now going out into the labour force and they are going out and trying to get jobs and every year is a record number of job-seekers on average in the strip into those of a flexible 20,000 new job-seekers enter the labour force and this is in the situation where previously there were some release valves for these new workers that they could go to the gulf to get jobs or they could go to israel to get jobs or there was a possibility for more opportunity even in the west bank and there might have been in the gaza strip. all of his upper 20s have now been shut off and because of that is the lack of the ability to reach markets by producers, the ability to get raw materials producers and the ability to access your consumers as well for the manufacturers really

hold some potential for hope of creating a dynamic gaza gaza ecy that has been completely shut off even before the war last year of the cost of some of the mobility restrictions even when the borders were open or putting a surcharge of roughly 50 to 60% on every good produced in gaza to read it have to go through these security measures that would involve back-to-back trucking measures where they would have to be unloaded from the palestinian track to then be loaded onto an israeli truck and had checked everything that passed through israel. these restrictions dampened the ability of manufacturers in gaza to do much even before the war and now after roughly $2 billion of damage to the gaza strip economy that has not been rebuilt. the situation is just much more dire than it even was then. >> amjad, which like to build on

this? i would like to start talking a bit about what you think might need to happen, what are some of the possibilities to begin to think positively about getting us out of that very dire situation. >> by the we've had a very dismal picture presented of the situation on the ground. how would you make that worse? well, link the united states directly to it and the consequences of what's happening in gaza specifically to american national interests and then it becomes something of a fee theoretical problem about what the israelis and palestinians have to deal with it becomes a problem of what we have to deal with. the president did a remarkable job in his cairo speech almost a year ago when presenting a new narrative to the muslim world of the united states is a partner of the guide states with a restart with a new beginning with the muslim world based on mutual respect, reciprocity. he did something no previous

president as far as i can tell has done and which she actually equated the jewish right to self-determination with the palestinian right to self-determination. and said these were both equally necessary and equally american national interest which was a very profound statement that i think a lot of muslims all across the world grab on to. and one thing he did was he specifically stated the lifting the siege of gaza and that in subsequent statements as well and he did before the cairo speech was the lifting of the siege of gaza was something the united states was demanding and the need to be done. so now it is a year later. i was in gaza with a congressional delegation last summer and one thing now was remarkable was that every gazan ask when is the united states going to free palestine or gaza. they didn't ask when hamas was going to do it.

as a matter of fact no palestinian that we spoke with spoke about fatah or hamas. they spoke about the united states and asked the congressman when are you going to free basra. the idea that the allied states is in the tent or completely unable to exercise influence over israel or egypt and that the guide states cannot open the borders at all from either the egyptian side or from the sea or the israeli side is something that no palestinian in gaza the wimax believed. i suspect it is also something no muslim and the world believes. that puts a set quandary because it means over the last year the united states has been specifically associated with the siege on gaza which has become laconic of the palestinian struggle as a whole for the muslim world, and this would be a perfect place for the united states effectively begin. we are not hostage to the palestinians or the israelis. sometimes it seems we are what

we are not in fact. we have our own decision making capacity. we have also eckert of ability to influence events independent of what israel decides to do it with the palestinians decide to do. one place we could start is on gaza. one place we could start as lifting the humanitarian conditions that are affecting the people in gaza. we met a boy who couldn't have been more than 16 and he was telling us about a friend of his who had a son born in april he named obama because they had so much hope if you enter a lot of palestinian hopes in the past to see pictures of kennedy and the wall, afghan carpets on the wall with pictures of kennedy who had a kind of iconic status among the palestinians and seemed the same thing was happening with obama. at the same time, we met a woman standing in front of her home which had been bombed out during

the war and she kept asking about congressmen and congresswomen when are you going to rebuild my house? when are you going to rebuild my house? when are you going to rebuild my house and nobody of course had an answer to that. the only concrete is being shipped into the gaza strip is coming through the tunnels and the gazan can't afford that. the only class that is coming in is coming through egypt from the tunnels. it's not coming from the border. the united states on the one hand, the good news if the united states had the political will to actually make a statement and a stand on gaza it could. the bad news is it's hard to see how there is going to be a positive constructive peace process moving forward if gaza isn't part and parcel of that. >> what is the view from israel

i think the donner and stiff narrative remains one of as jim wolfensohn discussed earlier israel left in 2005. there was the continuation of the rocket attacks. where is the love, where is diprete lummis for withdraw? the fact that most of the international community is not recognized in the occupation because it always continues to control the sea, the air, the border exit's of course the egyptian one, the conditions of that withdrawal is unilateralism, nothing but entrenchment in parallel on the west bank, the immediate imposition of a blockade to the non-implementation of faxes and movement agreement doesn't really factor into the equation. what i would argue in terms of how this affects israel is if you take everything we just heard and then reflect back on

what jim wolfensohn share earlier this quarter of 15 to 25 fields, the under 15 duals which applies even more so and gaza than the rest of the region, where you think about this act of the d industrialization that is taking place it hasn't been about how to create more jobs but job creation has been discouraged and literally driven underground with the economy. how on earth can that serve the security of israel living next door. how can a population seeding with angry young people be in israel's secure interest? and i think israel is building a security nightmare, future security nightmare for itself with the conditions that have been created in gaza. now unfortunately the combination of know is really being allowed into gaza, myself

and amjad were together hoping to the coasting a congressional delegation. i am an israeli citizen. i couldn't be part of the visit. no is really even journalists has been allowed into gaza in the last three years. there have been some very creative and a brave attempt by some of the human rights community for instance we have the representative and is really a human-rights group. they've distributed video cameras to gazan record stories are adding this was reported in "the new york times" that dennett kuran some of the most popular is really knows what sites to get israelis some sense of the reality in site gaza but i think what you've seen as has been discussed if anything is a radicalization and today one sees hamas as double work against the phenomenon of al qaeda one of these and copycats emerging in gaza.

so i think the blockade is undermining rather than contributing to the israeli security and of course security has to be considered more broadly. and in that respect international legitimacy is a component of israel national security and i would argue nothing is done more to dent and underline and erode that for israel dinham action said it took place during the operation and then the on going in position of the closure on gaza. if i put in the context of where we are today, this attempt to relaunch a peace process in the absence of addressing and gaza, you're basically playing russian roulette with any peace process of you attempt to launch.

it's such a potentially destabilizing factor as happened last year. turkey was involved, is really, syrian mediation efforts, that ended as soon as the lead began. so the attempt to launch the peace process and kind of hope that no one will notice gaza is still there isn't a smart way to go especially, and i would like to add one more point which is what amjad focused on which is if the humanitarian angle isn't good enough for you and the israeli security angle wasn't compelling enough then there is an american i would argue national security interests here. when secretary clinton goes to a conference that took place last march, kids makes money to gaza, there can't be disbursed because you can't get stuff in. when there is a new american peace on why who has yet to set foot in gaza a year into office,

that doesn't do any good. by the way when someone like keith ellison visits gaza i would say that as good for american security the police and public diplomacy than virtually everything else we've seen. i'm sorry to embarrassing if i have been almost everything we've seen this year. when egypt is building a barrier on its side of the border which may even strangle the tunnell economy there are american engineers involved. america is getting blamed for this in the arab world america is getting blamed for the israeli actions in the arab world so if it is in high enough on the american agenda, and then on boy hasn't been there yet and i understand there are still department rules but i guess an envoy would be in the position to at least question whether he can circumvent those rules i think this is troubling for the u.s.. >> getting what you then say, but amjad said is there is a deficit of not knowing what the situation is.

and i would like to ask you what do you think should be done or can be done to change the image of the gaza of a place that is full of hamas terrorists to emphasize the humanitarian and essentially the total lack of hope that exists? what can we do so people get a sense of the situation? >> voices of ordinary people is very important indeed and i am delighted representative ellison is going to have this brave speed dr. to come and speak there. we have got a group of young children, ninth graders will be coming to the united states supported by the u.s. government. these are human rights students who have excelled in the program of human-rights, peaceful conflict resolution and tolerance and there is a reward the are going to be about to go to atlanta to the carter center, come to washington, meet the people in the government and then come to new york to the

united nations. these are a group of bills, 14, 15-year-olds as well as boys who will come a week later. people will be able to hear the authentic voice of young people and what they see as the future, and i find it remarkable despite everything busbee have gone through that the young people are still committed to the idealism of human-rights and they still can feel that there is something that is important and relevant to their lives rather than going in the other direction and becoming a potential suicide bombers or militants in some reports another. in addition to that naturally i would like to encourage far more people to be about to get into gaza when they can to see for themselves. i hope more congressional delegations will be able to go back there, and i would like to be put to see more of the business elite who we hardly hear anything about. people who have a strong desire to reestablish ties with their israeli counterparts because that was good business for them and something they had known

they can do to promote local employment in the area. let's start talking about companies that can help to be able to reestablish those links to the gazan manufacturers and can do such a good job for them and start to give people some meaningful sources of employment. >> let's assume again that the blockade is lifted. >> absolutely that is the precondition for everything. >> other number kaput steny interim of authority that and estimates for the economy to work their needs about 850 truckloads a day. at best there have been 127 at the very best and sometimes not at all. >> probably 20% and most of the range of goods is limited. israel deliberately is chosen an arbitrary sometimes rather cruel fashion the things that can come in and cannot come in. we had long propose to the coup. no light bulbs couldn't turkomen of batteries for hearing aids

for younger children. this is cruel and perverse. >> congressman ellison? >> i went to ed after me and brawling and left gaza, we met with a member of usaid, very committed servant and committed a public servant and he asked a question that startled me. he said what did you see there was what is going on? i said don't you know? you must be here every day. he said no, we haven't been there since 2003. there was a convoy attacked and instead of taking of the tactical step back to the drought how to go in and we simply don't go in there and we work through other agencies. so, one thing we can do now, don't even need a piece of legislation is half usaid personnel re-enter. that is something we can do not. you can write a letter and ask the secretary to do eight and i think it is something -- of written a letter and even asked

the secretary about this in congressional hearings and i hope that you'll will join me in asking that that happens. somebody's clapping. [laughter] let me also say after we left that meeting we met with an israeli military official who referred to hamas as hamastan, we can't do anything it is hamastan. we had to say my friend 75% of the people there are under 30 and another 60%, 50% are under 18 said they did not vote for hamas. we have got to help counteract this idea that anything goes in gaza because it is hamastan and i think that idea is operating and i think whether or not the israelis are deliberately giving this or not i think the policy, the defect policy is a policy of

provocation and we need to help our friends reflect on what they are doing because i don't think that there is a real thoughtful idea about the overall impact of what the policy is, and finally we had to argue you know, can they have macaroni and gaza? i think they already have it. i said no, they said they don't have macaroni or lentils or much of anything else and he said i will check on the macaroni. and then a few days later i heard there was a little maccaroni but i don't know if there is still macaroni or noss we are debating macaroni and i think we need to reflect on that, too. >> before i give the floor back to daniel, i would like to ask how much knowledge is there on your colleagues in congress? about the situation is. >> if you want to know how much knowledge to raise about my colleagues in congress all you

need to do is look at the vote on the report where in the eyes states congress voted to what is the language, not in any way accept any of the findings of the report, and the vote was something like 50 people to either present or no and everyone else voted for it and one of the big objections to passing this resolution is that other than brian and ii bet nobody read the report or even the executive summary so we are ready to condemn a report which we have not read at all that is how much we know about it. did it give you a good indication how much we know? >> daniel, you wanted -- speed this reminds me of the conversation perhaps close to an argument that i often find myself with my is really friends and the line will be why is this

different to what america is doing in afghanistan and iraq? there is a civilian price. there are civilian casualties. it is portable in any circumstance. now i am not a huge fan of the application of counterinsurgency doctrine everywhere, but at the core of that is the idea that in a conflict situation if you don't like a group of people when controls come to the eckert particular area or regime you are trying to win over the civilian population. and i think where israel has it so horribly wrong and gaza is it is punishing the entire civilian population. there is no distinction here. in fact if you open the border crossings and would be allowed the aid and the assistance organizations who are committed to their resistance not going to government purposes in gaza. he would be allowing them, you

would be allowing the private sector to rebuild and allowing them to rebuild the kind of institutions of civil society. i'm not saying that the regime approach is a good idea, but there is and is really a policy which is essentially, and this is what the goldstone report found that was so problematic because of the individual, it is essentially collective punishment and not only is that in contravention of international humanitarian law, there is a reason you ain't doing that in parts of the world you're involved in and i think that is the conversation i'm having with fellow israelis with the friends of israel need to be having in a much more forward leaning way with is really counterparts. >> in the panel earlier jim wolfensohn was talking about the fact is an increasingly vocal

and extremist religious growing force in israel. those arguments that you just made, but echoed a they have in israel? >> as i said for the vast majority of the population, see no palestinian come here know palestinian, think the palestinian list way to go about daily life. by the way there is a human understandable element to that. it's not the information is not accessible. it is people would rather not access it in a governmental circles yet i think one can have a sensible conversation with the current israeli leadership. i think it's partly the mistake of that u.s., the international community that they have gone a long way with what is known as the west bank first policy which is make conditions, show the palestinians if you live under a

moderate p.a. regime is good and the camaraderie to that is if you live under hamas is bad which means you are actively encouraging this policy. so if your net hon narrative is to encourage the policy than you were out a week place when you are trying to talk on the microwith israel about saying what the macaroni and because the policy is problematic. there is a very important report released by various international agencies called failing basra which is worth looking up and it goes into this with the international community failed to do. obviously there is the unrwa material as well, so i think you could kickstart a conversation. i think there is the potential receptivity and is really official circles but i don't think it is being challenged enough. >> if i were to asked each one of you what you think needs to be done right now to get the

situation frozen both in terms of getting information out and maybe finding points to restart a dialogue after all there is a need or willingness on the part of the u.s. government which came in very big in some of the interventions to do some things that was so where do we start? how about i start with you and go across the panel. >> a think simply the united states has to stop trying to identify what we want the israelis to do and what will the palestinians to do it and identify what we need to do. and there are things of course we ask the israelis to do and palestinians to do but there are things we can do and those are the things which identify and start doing right away. one for example we can't possibly help egypt built an honorable to breakoff the tunnels until we've actually opened up the borders to the humanitarian and reconstruction of goods sweet and open up the

border to the humanitarian reconstruction goods. the mechanisms to make sure hamas is not the distributor and recipient of those goods has already been worked out. andrew can go into detail about it but it's already on paper to read the details of how to do we are already there and hamas will not be in the position of saying no don't open up the border because we are not going to be allowed to be the ones driving the trucks were destroyed because that is an unattainable position for them to be in so they cannot say no. so the united states can begin opening up the borders even from egypt even if we can't do it from the israeli side and began to be seen. imagine the visual and pact throughout the world of the united states being the the liberator and fell one distributing aid and freeing the children of gaza. imagine that as opposed to u.s. army corps of engineer building a giant wall with egypt to build of the last remaining candy bars coming into gaza. those are the two competing narrative's right now.

and i just don't see the benefits to the united states being involved with the negative one. daniel? >> three things, be -- first all, move your policy to the position where you can be raising this issue in terms of the strategic long-term interests, the stuff in your chapter, the stuff that jim wolfensohn talked about and andrew talked about. america has a strategic dialogue. there is an incredibly density of malaysia chip with israel. so be moving in that conversation. the second thing i would say is in terms of dealing with the practical problem summary of the pretext. if part israel's predisposition of gaza is related to the situation to get to freedom of the israeli soldier, and i hope that he is freed, be encouraging

that deal. america doesn't have a key role to play but certainly would be encouraging that deal. if one of the pretext says who can we deal with in gaza, then i would say be encouraging the palestinian reconciliation for many reasons. but this could perhaps be one of them so removed the immediate reasons for not doing that and be demonstrating that you care. gaza has to be up there in the talking points. there was a jury significant european foreign ministers statement in december. read the calls on gaza in that statement. if american leaders every time they spoke about the middle east were beginning to use that kind of language i think the would be important. of course that will have to be eventually translated into practice. have the usaid folks and the special folks in there. >> i'm going to jump ov